| m--------- | puppet/modules/postfix | 0 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 3 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp | 15 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx/static_aliases.pp | 58 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/templates/custom-aliases.erb | 11 | 
5 files changed, 71 insertions, 16 deletions
|
diff --git a/puppet/modules/postfix b/puppet/modules/postfix
-Subproject f09cd0eff2bcab7e12c09ec67be3c918bc83fac
+Subproject 53572a8934fe5b0a3a567cdec10664f28892373
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index af0f9f56..334d04d0 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -51,7 +51,7 @@ class site_postfix::mx {
   include site_postfix::mx::checks
   include site_postfix::mx::smtp_tls
   include site_postfix::mx::smtpd_tls
-  include site_postfix::mx::reserved_aliases
+  include site_postfix::mx::static_aliases
   # greater verbosity for debugging, take out for production
   #include site_postfix::debug
@@ -68,6 +68,7 @@ class site_postfix::mx {
     preseed             => true,
     root_mail_recipient => $root_mail_recipient,
     smtp_listen         => 'all',
+    default_alias_maps  => false,
     mastercf_tail       =>
     "smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
diff --git a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp b/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
deleted file mode 100644
index 83e27376..00000000
--- a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-# Defines which mail addresses shouldn't be available and where they should fwd
-class site_postfix::mx::reserved_aliases {
-
-  postfix::mailalias {
-    [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
-      'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
-      'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
-      'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
-      'www-data',
-    ]:
-      ensure    => present,
-      recipient => 'root'
-  }
-
-}
diff --git a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
new file mode 100644
index 00000000..786d74c1
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
@@ -0,0 +1,58 @@
+#
+# Defines static, hard coded aliases that are not in the database.
+#
+
+class site_postfix::mx::static_aliases {
+
+  $mx = hiera('mx')
+  $aliases = $mx['aliases']
+
+  #
+  # Predefined aliases.
+  #
+  # Defines which mail addresses shouldn't be available and where they should
+  # fwd
+  #
+  # TODO: reconcile this with the node property webapp.forbidden_usernames
+  #
+  # NOTE: if you remove one of these, they will still appear in the
+  # /etc/aliases file
+  #
+  postfix::mailalias {
+    [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
+      'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
+      'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
+      'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
+      'www-data',
+    ]:
+      ensure    => present,
+      recipient => 'root'
+  }
+
+  #
+  # Custom aliases.
+  #
+  # This does not use the puppet mailalias resource because we want to be able
+  # to guarantee the contents of the alias file. This is needed so if you
+  # remove an alias from the node's config, it will get removed from the alias
+  # file.
+  #
+
+  # both alias files must be listed under "alias_database", because once you
+  # specify one, then `newaliases` no longer will default to updating
+  # "/etc/aliases.db".
+  postfix::config {
+    'alias_database':
+      value => "/etc/aliases, /etc/postfix/custom-aliases";
+    'alias_maps':
+      value => "hash:/etc/aliases, hash:/etc/postfix/custom-aliases";
+  }
+
+  file { '/etc/postfix/custom-aliases':
+    content => template('site_postfix/custom-aliases.erb'),
+    owner   => root,
+    group   => root,
+    mode    => 0600,
+    notify  => Exec['newaliases']
+  }
+}
diff --git a/puppet/modules/site_postfix/templates/custom-aliases.erb b/puppet/modules/site_postfix/templates/custom-aliases.erb
new file mode 100644
index 00000000..f261514b
--- /dev/null
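Review bot: Nothing in the `file { '/etc/postfix/custom-aliases': }` resource orders it after `Postfix::Config['alias_database']`, so on a first run `Exec['newaliases']` may be refreshed while main.cf still carries the old `alias_database`; `newaliases` would then skip the new file and `hash:/etc/postfix/custom-aliases` in `alias_maps` would point at a database that was never built. Whether this can happen depends on how `postfix::config` and the exec are wired in the postfix submodule, which this page does not show, so treat it as something to confirm. An explicit `require => Postfix::Config['alias_database'],` on the file resource removes the dependence on evaluation order. Separately, `mode => 0600` is a bare number; writing it as `mode => '0600',` keeps it a string, which newer Puppet versions require for file modes.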
+++ b/puppet/modules/site_postfix/templates/custom-aliases.erb
@@ -0,0 +1,11 @@
+#
+# This file is managed by puppet.
+#
+# This is a map of custom, non-standard aliases. The contents of this file
+# are derived from the node property `mx.aliases`.
+#
+
+<%- @aliases.keys.sort.each do |from| -%>
+"<%= from %>": "<%= [@aliases[from]].flatten.join('", "') %>"
+<%- end -%>
+
|
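Review bot: Both `from` and its targets are written into the alias file exactly as they arrive from `mx.aliases`, and aliases(5) treats a right-hand side beginning with `|`, `/` or `:include:` as a command, file or include delivery even when it is quoted. A stray `"` or newline in either value would also end the quoting and add entries the node config never listed. The template should refuse anything that is not a plain local part or address before rendering, for example `<%- raise Puppet::ParseError, "invalid alias entry for #{from}" unless ([from] + [@aliases[from]].flatten).all? { |v| v.to_s =~ /\A[\w.+-]+(@[\w.-]+)?\z/ } -%>` as the first line inside the loop, with the pattern adjusted to the address forms the platform actually permits. `@aliases.keys` also raises when `mx.aliases` is unset, so if that property is optional the unset case needs handling before the loop.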
